Anyway, since this is supposed to be a security product and since it would be housing all of our logs, I'd have to say that this initial finding removes it from the list of viable solutions, at least for shops that take security seriously.

Hope this saves someone some time. I know that if we had this info from the start, we wouldn't have even bothered to ask for a demo.

PS
We pumped 8 records per second to the box and it was at about 98% utilization. Hate to see what would happen if I directed my firewall logs at this thing.

--Th13

Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

Hoss: You are $hitting me, right?.... that info in clear on a security box.....

I suppose you have looked at their site and seen all the awards they have on the front page..... Makes you wonder how those people evaluate security products.....

Don't SYN us.... We'll SYN you..... "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

Yes, no ****. I can throw the packet dump in here if anyone cares to take a peek. Also, after looking further, I see that with the proper XML code, I can monitor all events realtime because the database does not authenticate a damn thing.

LOL!!!

WooHOO!! Got my hammer out today!!! *EVIL grin*

Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

It makes you wonder how they can put up a page like this really, doesn't it! Along with all the awards they list here I'd like to know if anyone has even done as basic a test as you have.......

If they had a clue as to the MO of a cracker they would know that step 2 after successful compromise is to cover your tracks. If the db authenticates nothing can I assume that it doesn't authenticate queries, delete queries to be precise? That being the case their phrase "Provides a SECURE, SCALABLE and FAULT TOLERANT solution for managing security data for key government infrastructures" is deeply rooted in BS.

Final question..... They have been working with COACT for six months for the purpose of EAL2 designation - is there a chance they would get it with this build of the software? 'Cos if they can it doesn't say a lot for EAL2.

Don't SYN us.... We'll SYN you..... "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

So...... Correct me if I'm wrong here..... With a password hash that never changes all I need to do is have a packet crafted ready to insert into the stream and begin a normal login stream. At the appropriate moment I should be able to inject the authentication information and it would be accepted? From this point onwards I am an admin of the system for the remainder of the session?

That seems too easy..... I'm not really into the "breaking" part of this.... I work more on perimeter security than internal due to my user base.

Don't SYN us.... We'll SYN you..... "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
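An added example, not part of the thread and not the product's code: it contrasts a login that sends the same password hash every time with a nonce-based challenge-response, and shows which one accepts a recorded login a second time. The message layout, class names and sample credential are assumptions; the thread does not show the actual wire format.

```python
import hashlib
import hmac
import secrets

# Constructed sample credential; not taken from the thread or any product.
STORED_HASH = hashlib.sha256(b"constructed-sample-password").digest()


class StaticHashServer:
    """Weak design: the client sends the same hash on every login."""

    def login(self, wire_value: bytes) -> bool:
        return hmac.compare_digest(wire_value, STORED_HASH)


class ChallengeResponseServer:
    """Hardened design: each login must answer a fresh, single-use nonce."""

    def __init__(self) -> None:
        self._pending: set[bytes] = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def login(self, nonce: bytes, response: bytes) -> bool:
        if nonce not in self._pending:   # unknown or already-used nonce
            return False
        self._pending.discard(nonce)     # a nonce is valid exactly once
        expected = hmac.new(STORED_HASH, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)


def client_response(nonce: bytes) -> bytes:
    """Legitimate client: proves knowledge of the hash without sending it."""
    return hmac.new(STORED_HASH, nonce, hashlib.sha256).digest()


def replay_outcomes() -> dict[str, bool]:
    """Present one recorded login again to each design; True means accepted."""
    weak, strong = StaticHashServer(), ChallengeResponseServer()
    recorded_static = STORED_HASH        # the bytes a capture of a weak login holds
    n1 = strong.challenge()
    recorded_cr = client_response(n1)    # the bytes a capture of a strong login holds
    first_ok = strong.login(n1, recorded_cr)
    n2 = strong.challenge()
    return {"static_replay": weak.login(recorded_static),
            "cr_first_login": first_ok,
            "cr_same_nonce_replay": strong.login(n1, recorded_cr),
            "cr_new_nonce_replay": strong.login(n2, recorded_cr)}
```

The stored hash is still a password-equivalent secret in the second design, so this addresses replay only; protecting the session after login needs an authenticated, encrypted transport.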

LOL, you don't even have to do that. I just figured out that the database engine does not auth a damn thing. What does this mean? It means that I can monitor realtime events on the box as they happen. If I'm an evil mean hax0r, I can probe the network to see what is logged and what isn't. After some recon of this type, I can plan a stealthy attack and no one would know the better.

I have informed NetForensics about these problems. I have received no oral or written comment other than 4 bug tracking tickets from their helpdesk. Needless to say, my eval of the product is over.

--TH13

Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden